Exploring the Metamorfo Banking Trojan
May 17, 2024, 4:03 p.m.
Description
This report delves into a malware campaign known as Metamorfo, a banking Trojan that spreads through malspam campaigns. It entices users to click on HTML attachments, initiating a series of activities focused on gathering system metadata. The infection chain involves obfuscation techniques, URL evasion tactics, and the downloading of malicious payloads. The malware establishes connections with remote servers, collects sensitive data, disables security measures, performs registry modifications, and persists on the compromised system. The campaign primarily targets North and South American geolocations, aiming to steal victims' financial information and banking credentials.
Tags
Date
- Created: May 17, 2024, 3:38 p.m.
- Published: May 17, 2024, 3:38 p.m.
- Modified: May 17, 2024, 4:03 p.m.
Indicators
- zfi8ny6yi30s.website
- 89.117.37.61
- 89.116.236.122
- 51.38.235.152
- 80.211.249.77
- 38.54.20.37
- 216.238.70.224
- 212.46.38.43
- 192.46.216.151
- 185.45.195.226
- 185.185.87.45
- 172.105.111.154
- 158.69.110.217
- 154.223.16.114
- 149.100.158.179
- 139.177.193.74
- 54.39.10.87
- 86.38.217.167
- vqz8.gotdns.ch
- jkue.myftp.biz
- jan.viewdns.net
- baza.alta-bars.ru
- avs.myftp.biz
- a.3utilities.com
- yuphsa6qwtg5.online
- z5im1ou9o480se02pro.online
- x6vl9710f400g7alstar.online
- x50zbqev4po5.online
- newlife2020.club
- mpy8n37wvwu2now.online
- l155vcram2hl6ws0.online
- k6ue95v1ca2r.online
- albumdepremios.com.br
- cevda3jvv5oz1t37.online
- 6c48ax07dy25hvu0hub.online
- 4yw2twoy438df9qt.online
- 2xo0uaqv4cqds331mart.online
- 09dfwss6g1v73sya.online
- ad2.gotdns.ch